Insecure Permissions in Ruckus Wireless Unleashed Devices Allows Credential Overwrite
CVE-2020-13915

7.5HIGH

Key Information:

Vendor: Ruckuswireless
Status: Unleashed Firmware
Vendor: CVE Published:; 28 July 2020

🔔 Create Ruckuswireless Vulnerability Alert

What is CVE-2020-13915?

Ruckus Wireless Unleashed devices have a vulnerability in the emfd/libemf component, allowing an unauthenticated remote attacker to exploit insecure permissions. By sending a crafted HTTP request, an attacker can overwrite administrative credentials, potentially gaining unauthorized control over affected devices. This vulnerability spans multiple models, making it critical for users of Ruckus Unleashed to review security measures to prevent exploitation.

References

https://support.ruckuswireless.com/security_bulletins/304

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2020
Vulnerability Reserved
Jun 7, 2020